All schools, regardless of whether maintained or otherwise are 'data controllers' in their own right and therefore responsible for their own information governance compliance (which includes data protection and transparency). Failure to comply with information governance legislation could mean that schools face enforcement action from the national regulator (the Information Commissioner's Office).
Under provisions of the GDPR, schools now have the requirement to appoint a statutory Data Protection Officer (DPO) who is responsible for:
- The provision of information governance advice
- The provision of training materials
- Monitoring compliance with legislation
- Liaising with the national regulator and service users
Your DPO should be independent from your management board and possess expertise in the application of information governance legislation.
Schools are able to appoint their own DPO. However, Veritau (the Council's internal audit, counter fraud and information governance service) does offer a DPO service tailored to schools. For more information please enquire with North Yorkshire Education Services http://nyestraining.co.uk/Services/1719 or contact SchoolsDPO@veritau.co.uk / 01904 554025.
Once your school has appointed a DPO they will be able to provide you with all your information governance guidance and support.